Every router is factory pre-configured with IP address 192.168.88.1/24 on ether1 or ether2 port. Default username is admin with empty password. http://wiki.mikrotik.com/wiki/Manual:First_time_startup
RQ : pour les points d'accès WIFI : se connecter au SSID Mikrotik_XXXX
Soit avant de brancher : on charge le backup boot loader, Soit juste après avoir branché : on charge le default loader.
Hold this button before applying power, release after three seconds since powering, to load backup Boot loader. This might be necessary if the device is not operation because of a failed RouterBOOT upgrade. When you have started the device with the backup loader, you can either set RouterOS to force backup loader in the RouterBOARD settings, or have a chance to reinstall the failed RouterBOOT from a fwf file (total 3 seconds).
If you keep holding this button for 2 more seconds until LED light starts flashing, release the button to reset RouterOS configuration (total 5 seconds).
To connect this device to a wireless network managed by CAPsMAN, keep holding the button for 5 more seconds, LED turns solid, release now to turn on CAPs mode (total 10 seconds).
Or Keep holding the button for 5 more seconds until until LED turns off, then release it to make the RouterBOARD look for Netinstall servers. You can also simply keep the button pressed until the device shows up in the Netinstall program on Windows (total 15 seconds).
Mettre IP fixe sur carte, donner IP du sous réseau à netinstall. /!\ Ne pas cocher intégrer un script, sinon ce sera la conf par defaut si restauration de conf. /!\ Lors du netinstall, la partition est reformatée, tout ce qui était dans la flash est perdu !
/export /import
attention : si tous les paquets ne sont pas présents, cela génère des erreurs L'export ne contient pas user/passwd d'admin Attention au nom et nombre d'interfaces. Pour plus de chance de succès, utiliser le scripting : set [ find default-name=ether6 ] name=ether2 Vérifier que les règles de firewall ont été rechargées
/system reboot
export file=date_equipment
Se connecter en Out Of Band Management, reseter la conf :
/certificate> /system reset-configuration no-defaults=yes
Passer la sauvegarde de la conf à la main (gros copier coller)
Régénérer le certificat SSL et le mot de passe d'administration :
# /!\ !!! CHANGE ME !!!! /!\ :
:global adminUserName "sqdfkljqskjh"
:global adminPassword "lsqdkjfqhflhj"
:global localFqdn "slqdkfjhqlh.liberasys.com";
# /!\ !!! CHANGE ME !!!! /!\ :
# Compute hostname
:global localHostname;
:set localHostname;
:global localHostname;
:set localHostname [:pick ($localFqdn) 0 [:find ($localFqdn) "."]];
# Change default admin user
/user add name=$"adminUserName" group=full password="$adminPassword" disabled=no
/user remove admin
:put ""
:put "======================================================================"
:put " = HTTPS certificate generation (takes some time...)"
:put "======================================================================"
/certificate
add name="catmpl-$localHostname" common-name="ca-$localHostname" key-usage=key-cert-sign,crl-sign days-valid=10000 key-size=2048
add name="fwtmpl-$localHostname" common-name="$localFqdn" days-valid=10000 key-size=2048
sign "catmpl-$localHostname" ca-crl-host=127.0.0.1 name="ca-$localHostname"
:delay 1s
sign ca="ca-$localHostname" "fwtmpl-$localHostname" name="$localHostname"
:delay 1s
set "ca-$localHostname" trusted=yes
set "$localHostname" trusted=yes
export-certificate "ca-$localHostname"
/ip service set www-ssl certificate="$localHostname" disabled=no
# Wait for certificates to be created
{
:local count 0;
:while ([/certificate find where name="$localHostname"] = "") do={
:if ($count = 30) do={
/quit;
}
:delay 1s; :set count ($count +1);
};
}
Reseter l'équipement :
/system reboot
/system reset-configuration
/system reset-configuration no-defaults=yes
/system default-configuration print
menu quick set, upgrade ou (>6.31) :
{
/system package update
check-for-updates once
:delay 1s;
:if ( [get status] = "New version is available") do={ install }
}
/certificate add name=catmpl-sd-114049-fw common-name=ca-sd-114049-fw key-usage=key-cert-sign,crl-sign days-valid=10000 add name=fwtmpl-sd-114049-fw common-name=sd-114049-fw days-valid=10000 sign catmpl-sd-114049-fw name=ca-sd-114049-fw sign ca=ca-sd-114049-fw fwtmpl-sd-114049-fw name=sd-114049-fw set ca-sd-114049-fw trusted=yes set sd-114049-fw trusted=yes export-certificate ca-sd-114049-fw
/ip pool add name=admin-ovpn-pool ranges=192.168.2.200-192.168.2.250 /ppp profile add change-tcp-mss=default comment="" bridge=br-admin \ name="ovpn-admin" only-one=default \ use-compression=default use-encryption=required \ local-address=admin-ovpn-pool only-one=no remote-address=admin-ovpn-pool /ppp secret add caller-id="" comment="" disabled=no limit-bytes-in=0 \ limit-bytes-out=0 name="username" password="password" \ routes="" service=any /interface ovpn-server server set auth=sha1,md5 certificate=sd-114049-fw \ cipher=blowfish128,aes128,aes192,aes256 default-profile=ovpn-admin \ enabled=yes keepalive-timeout=disabled max-mtu=1500 mode=ethernet netmask=24 \ port=1194 require-client-certificate=no
/system check-installation
/interface bridge port monitor [find]
[admin@plmagw03] /interface vlan> /interface print
Flags: D - dynamic, X - disabled, R - running, S - slave
# NAME TYPE ACTUAL-MTU L2MTU MAX-L2MTU
0 RS ether1 ether 1500 1588 4064
1 S ether2 ether 1500 1588 4064
2 S ether3 ether 1500 1588 4064
3 S ether4 ether 1500 1588 4064
4 S ether5 ether 1500 1588 4064
5 S ether6 ether 1500 1588 4064
6 S ether7 ether 1500 1588 4064
7 S ether8 ether 1500 1588 4064
8 S ether9 ether 1500 1588 4064
9 S ether10 ether 1500 1588 4064
10 S ether11 ether 1500 1588 4064
11 S ether12 ether 1500 1588 4064
12 S ether13 ether 1500 1588 4064
13 S ether14 ether 1500 1588 4064
14 S ether15 ether 1500 1588 4064
15 S ether16 ether 1500 1588 4064
16 S ether17 ether 1500 1588 4064
17 RS ether18 ether 1500 1588 4064
18 S ether19 ether 1500 1588 4064
19 S ether20 ether 1500 1588 4064
20 S ether21 ether 1500 1588 4064
21 S ether22 ether 1500 1588 4064
22 S ether23 ether 1500 1588 4064
23 RS ether24 ether 1500 1588 4064
24 sfp1 ether 1500 1588 4064
25 R br-spanning-tree bridge 1500 1588
26 ;;; 1970.01.02-18:14:44: received loop protect packet originated from 6C:3B:6B:8...
vlan1 vlan 1500 1584
[admin@plmagw03] /interface vlan> /interface bridge port monitor [find]
interface: ether1 ether2 ether3 ethe>
status: in-bridge in-bridge in-bridge in-b>
port-number: 1 2 3 4 >
role: designated-port designated-port backup-port disa>
edge-port: no no no no >
edge-port-discovery: yes yes yes yes >
point-to-point-port: no no no no >
external-fdb: no no no no >
sending-rstp: yes yes yes no >
learning: yes yes no no >
forwarding: yes yes no no >
root-path-cost: 10 >
designated-bridge: 0x8000.6C:3B:6B:85:B8:85 >
designated-cost: 0 >
designated-port-number: 2 >
-- [Q quit|D dump|C-z pause|right]
[admin@plmagw03] /interface vlan> /interface bridge port monitor [find]
interface: ether1 ether2 ether3 ether4 ethe>
status: in-bridge in-bridge in-bridge in-bridge in-b>
port-number: 1 2 3 4 5 >
role: designated-port designated-port disabled-port disabled-port disa>
edge-port: no yes no no no >
edge-port-discovery: yes yes yes yes yes >
point-to-point-port: no no no no no >
external-fdb: no no no no no >
sending-rstp: yes yes no no yes >
learning: yes yes no no no >
forwarding: yes yes no no no >
{
:local curDate [/system clock get date]
:local curTime [/system clock get time]
:local systemName [/system identity get name]
:local curMonth [:pick $curDate 0 3]
:set curMonth ( [ :find key="$curMonth" in="jan,feb,mar,apr,may,jun,jul,aug,sep,oct,nov,dec" from=-1 ] / 4 + 1)
if ( $curMonth < 10 ) do={
:set curMonth ( "0".$curMonth )
} else={
:set curMonth $curMonth
}
:local curDay [:pick $curDate 4 6]
:local curYear [:pick $curDate 7 13]
:local curHour [:pick $curTime 0 2]
:local curMin [:pick $curTime 3 5]
/
/export show-sensitive file=( "$systemName"."-"."$curYear"."$curMonth"."$curDay" ."-"."$curHour"."$curMin" )
/file print
}
In RouterOS it is possible to automatically execute scripts - your script file has to be named anything.auto.rsc - once this file is uploaded using FTP to the router, it will automatically be executed, just like with the '/import' command. This method only works with FTP. Once the file is uploaded, it is automatically executed. Information about the success of the commands that were executed is written to anything.auto.log
/queue type add kind=pcq name=PCQ_download pcq-classifier=dst-address add kind=pcq name=PCQ_upload pcq-classifier=src-address /queue simple add max-limit=100M/100M name=queue1 queue=PCQ_upload/PCQ_download target=192.168.1.0/24
/system script remove brvlan /system script add name=brvlan /system script edit brvlan source
paste your script Ctrl+o
/system script edit brvlan source
review your syntax other solution :
/system script print where name=brvlan